Actually, the subject is switched before calling the handler (so it doesn't have to worry about it, and is just a normal bean method) - the timer holds the user info.
For example, this executes the handler as either the given user or anonymous...
if (emailAddress == null)
AnonymousUser userPrincipal = new AnonymousUser("$anon$");
else
AuthenticatedUser userPrincipal = new AuthenticatedUser(emailAddress);
Set principals = new HashSet();
principals.add(userPrincipal);
subject = new Subject(false, principals, new TreeSet(), new TreeSet());
Subject.doAsPrivileged(subject,
new PrivilegedExceptionAction() {
public Object run() throws IOException, ServletException {
handler(args);
return null;
}
}, null);
[Message sent by forum member 'mrawl' (mrawl)]
http://forums.java.net/jive/thread.jspa?messageID=299172